# frozen_string_literal: true

class SessionController < Admin::ApplicationController
  skip_before_action :check_auth

  def new
    @admin = Admin.new
  end

  def create
    @admin = Admin.where(telephone: params[:admin][:telephone]).first.try(:authenticate, params[:admin][:password])
    if @admin
      session[:admin] = @admin.telephone
      redirect_to admins_url
    else
      redirect_to new_session_path, notice: '用户名或密码错误'
    end
  end

  def destroy
    session[:admin] = nil

    redirect_to new_session_path, notice: '退出成功'
  end

  private

  def admin_params
    params.require(:admin).permit(:telephone, :password)
  end
end
